resend quarantined whole message with exim? [SOLVED]

Kirk Lowery klowery at whi.wts.edu
Thu Feb 26 18:46:48 GMT 2004


A couple of corrections:

The correct MailScanner quarantine directory of "message" files is, of
course,

/var/spool/MailScanner/quarantine/[YYYYMMDD]/[message-id]/message

for example:

/var/spool/MailScanner/quarantine/20040223/1AvMFw-0000uq-81/message

Second, using the command "exim4 -t < message" works great -- except for
incoming messages from internet discussion lists, or any general bulk
emailer. All this command will do is send it *back* to the list! Not
what you want to do! Watch the "To:", "Cc:" and "Bcc:" headers to make
sure the message is only delivered locally or to where you intend it to go.

In this case, it is better to force delivery to a specific address:

exim4 localName at myDomain.com < message

**************
**************

The situation:

Your MailScanner.conf has "Quarantine Whole Messages As Queue Files =
no" which means that incoming email that is quarantined by MailScanner
is saved as "/var/spool/MailScanner/quarantine/[message-id]/message" and
not with the [message-id]-D and [message-id]-H queue files.

The problem:

Sometimes there are "false positives" for virii and spam. What you want
to do is to deliver a specific message(s) anyway. And your Mail
Transport Agent is exim.

Solution 1:

Change the configuration option to "Quarantine Whole Messages As Queue
Files" to "yes". [message-id]-D and [message-id]-H queue files will be
saved by MailScanner, and one simply moves those files to the exim
output queue (on my Debian "sarge" system, that would be
/var/spool/exim4/input). The next time the exim daemon runs, these files
will be flushed. Thanks to Martin Hepworth for this solution (further
details on his method are below.

This works great for all email which arrives *after* the config setting
is changed. But one still has all those "message" files left over. What
about them?

Solution 2:

A simpler solution is not to change "Quarantine Whole Messages As Queue
Files = no" at all. Simply cd (on my system) to

"/var/spool/MailScanner/quarantine/[message-id]/"

and as the exim admin user (or root) type:

exim4 -t < message

exim4 is the exim executable on my system. The "-t" option tells exim to
use the "To:", "CC:", "BCC:" for recipient and delivery information. The
"<" reads the file "message" to the standard input, which is what exim
expects.

Solution 2 has been tested and so far seems to work without any
surprising side effects.

Kirk

Martin Hepworth wrote:

> you'll need the email saved as queue files (a setting in
> MailScanner.conf)
>
> the cd to the directory with the queue files in it..
>
> cp -p *H *D /var/spool/exim/input
>
> (assumming the post MS exim queue is in /var/spool/exim as in the
> MS-exim how-to).
>
> force delivery of the message with
>
> exim -C /usr/local/etc/exim/configure.out -M message-id
>
> where message-id is the name of the files you just moved without the
> -D and -H

Thanks for your response! This is helpful.

Yes, I also found the setting in MailScanner.conf for this (Debian
defaults to "no" for "Quarantine Whole Messages As Queue Files" this
setting; I think I'll file a bug on it with the Debian MailScanner
package...).

But what can I do with the files already combined with headers and
message body? Is there some MailScanner or exim command that will split
them out to queue files?

Kirk
--
Theorie ist, wenn man alles weiss und nichts klappt.
Praxis ist, wenn alles klappt und keiner weiss warum.
Bei uns sind Theorie und Praxis vereint:
nichts klappt und keiner weiss warum!



More information about the MailScanner mailing list